Middleware is a term used to define a bridge between two operations. In this case, our middleware is used as the bridge between our user and their ability to access the requested PDF. Or in other words, our middleware acts as the security layer. A user has to flow through each middleware filter and pass each test before they can view the PDF. If a middleware filter returns WP_Error the user will be denied access to the PDF.

By default we have seven security tests in place to protect your PDFs. These include a check on the PDFs public status, the state, conditional restrictions, the ownership, timeout checks, IP matching and the current user’s capabilities.

This filter allows you to remove any of the existing middleware and replace them with your own custom authentication. For instance, you might like to use API keys to do all your authentication. Or create a one-time access link. This filter allows you to do all that and more. But keep security at the forefront of your mind. By changing the default operation you could unintentionally give unauthorised users access to sensitive information.You have been warned!

Another key consideration when working with this filter and Gravity PDF is that each PDF is generated using a unique URL and should be treated as separate page in WordPress. A PDF has no notion of the post or page it’s been linked from so you can’t do specific actions based on is_page() or is_post() – you would need to pass that information as URL parameters instead.

The important part to remember about working with our middleware is that filters should only return WP_Error when the check fails. If a check passes we just return the value of $error and let the process continue.